CVE-2022-29800
Published on: Not Yet Published
Last Modified on: 12/21/2022 03:01:00 PM UTC
Certain versions of Windows Defender For Endpoint from Microsoft contain the following vulnerability:
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.
- CVE-2022-29800 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 4.7 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| LOCAL | HIGH | LOW | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | NONE | HIGH | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn - Microsoft Security Blog | www.microsoft.com text/html |
MISC www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ |
Related QID Numbers
- 198761 Ubuntu Security Notification for networkd-dispatcher Vulnerabilities (USN-5395-1)
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Windows Defender For Endpoint | - | All | All | All |
- cpe:2.3:a:microsoft:windows_defender_for_endpoint:-:*:*:*:*:linux:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @campuscodi |
Microsoft report on Nimbuspwn, two vulnerabilities (CVE-2022-29799 and CVE-2022-29800) in the Linux systemd network… twitter.com/i/web/status/1… | 2022-04-26 18:42:19 |
| @EurekaBerry |
マイクロソフトの脆弱性調査チームが発見したLinuxの特権昇格の脆弱性 CVE-2022-29799 CVE-2022-29800 (Nimbuspwn) の解説と検知方法 なお脆弱性は修正済み microsoft.com/security/blog/… | 2022-04-26 23:32:46 |
| @securezoo |
Microsoft discovers Nimbuspwn Linux vulnerabilities (CVE-2022-29799 and CVE-2022-29800): buff.ly/3LmNW7k… twitter.com/i/web/status/1… | 2022-04-27 00:54:45 |
| @ohhara_shiojiri |
CVE-2022-29799 and CVE-2022-29800 | 2022-04-27 00:58:59 |
| @Flash162011 |
Microsoft report on Nimbuspwn, two vulnerabilities (CVE-2022-29799 and CVE-2022-29800) in the Linux systemd network… twitter.com/i/web/status/1… | 2022-04-27 01:44:22 |
| @kanunicipher |
Nimbuspwn CVE-2022-29799 and CVE-2022-29800 can be chained together to gain root privileges on Linux based on syste… twitter.com/i/web/status/1… | 2022-04-27 03:56:24 |
| @ipssignatures |
The vuln CVE-2022-29800 has a tweet created 0 days ago and retweeted 14 times. twitter.com/EurekaBerry/st… #pow1rtrtwwcve | 2022-04-27 04:06:00 |
| @the_yellow_fall |
CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability securityonline.info/cve-2022-29799… #opensource #infosec #security #pentest | 2022-04-27 05:09:04 |
| @AcooEdi |
CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability dlvr.it/SPJqL2 via securityonline https://t.co/74mQIC5Uko | 2022-04-27 05:10:03 |
| @moton |
CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability - securityonline.info/cve-2022-29799… | 2022-04-27 08:56:25 |
| @Dinosn |
CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability securityonline.info/cve-2022-29799… | 2022-04-27 09:14:11 |
| @d34dr4bbit |
CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability aeternusmalus.wordpress.com/2022/04/27/cve… | 2022-04-27 09:29:04 |
| @shah_sheikh |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800): Mic… twitter.com/i/web/status/1… | 2022-04-27 10:46:05 |
| @evanderburg |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… | 2022-04-27 10:46:07 |
| @PoseidonTPA |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… | 2022-04-27 10:52:03 |
| @helpnetsecurity |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines - helpnetsecurity.com/2022/04/27/cve… -… twitter.com/i/web/status/1… | 2022-04-27 10:52:06 |
| @cipherstorm |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800): Mic… twitter.com/i/web/status/1… | 2022-04-27 10:52:33 |
| @DeepFriedCyber |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… | 2022-04-27 10:55:09 |
| @test2v |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) -… twitter.com/i/web/status/1… | 2022-04-27 11:01:34 |
| @eagerbeavertech |
thehackernews.com/2022/04/micros… On top of that, the defects - tracked as CVE-2022-29799 and CVE-2022-29800 - could also… twitter.com/i/web/status/1… | 2022-04-27 11:03:34 |
| @IT_securitynews |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) itsecuritynews.info/nimbuspwn-bugs… | 2022-04-27 11:13:37 |
| @Xc0resecurity |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) dlvr.it/SPKmD9 | 2022-04-27 11:21:03 |
| @netsecu |
helpnetsecurity.com/2022/04/27/cve… Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-297… twitter.com/i/web/status/1… | 2022-04-27 12:00:05 |
| @DonMalloy |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… | 2022-04-27 12:08:04 |
| @cyberreport_io |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) - He… twitter.com/i/web/status/1… | 2022-04-27 12:17:34 |
| @nicoboettcher |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) buff.ly/3LlduBL | 2022-04-27 12:21:51 |
| @CVEtrends |
Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-29799: 1.8M (audience size) CVE-2022-29800: 1.8M CVE-2022-294… twitter.com/i/web/status/1… | 2022-04-27 13:00:03 |
| @ProHoster_info |
Исследователи безопасности из компании Microsoft выявили две уязвимости (CVE-2022-29799, CVE-2022-29800) в сервис… twitter.com/i/web/status/1… | 2022-04-27 13:38:05 |
| @Har_sia |
CVE-2022-29800 har-sia.info/CVE-2022-29800… #HarsiaInfo | 2022-04-27 15:03:16 |
| @TychronC |
Tracked as CVE-2022-29799 and CVE-2022-29800, the Nimbuspwn security issues were discovered in networkd-dispatcher,… twitter.com/i/web/status/1… | 2022-04-27 17:18:30 |
| @SecurityNewsbot |
Nimbuspwn bugs allow attackers to gain #root privileges on some #Linux machines (CVE-2022-29799,... helpnetsecurity.com/2022/04/27/cve… #HelpNetSecurity | 2022-04-27 17:30:10 |
| @netalexx |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) helpnetsecurity.com/2022/04/27/cve… | 2022-04-27 17:37:21 |
| @aluandalee |
CVE-2022-29800 e CVE-2022-29799. microsoft.com/security/blog/… | 2022-04-27 17:39:30 |
| @HanjoLix |
Updates zum Fixen von CVE-2022-29799 CVE-2022-29800 finden... heise.de/-7067100 | 2022-04-27 18:16:16 |
| @rkx73 |
#CVE-2022-29799 #CVE-2022-29800 2 vulnerabilidades críticas en el sistema operativo Linux permiten instalar backdo… twitter.com/i/web/status/1… | 2022-04-27 18:19:32 |
| @ptracesecurity |
CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability securityonline.info/cve-2022-29799… #Pentesting… twitter.com/i/web/status/1… | 2022-04-27 19:01:48 |
| @Whitehead4Jeff |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) helpnetsecurity.com/2022/04/27/cve… | 2022-04-27 19:18:01 |
| @foxbook |
Nimbuspwnのバグにより、攻撃者は一部のLinuxマシンでroot権限を取得できます(CVE-2022-29799、CVE-2022-29800) helpnetsecurity.com/2022/04/27/cve… | 2022-04-27 20:40:24 |
| @LanceSchukies |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) -… twitter.com/i/web/status/1… | 2022-04-27 21:25:00 |
| @__motojiro__ |
これ、2つの脆弱性fixされている?ubuntuのcve tracker見たらneed triageってなってるけど... ubuntu.com/security/CVE-2… ubuntu.com/security/CVE-2… | 2022-04-28 00:56:40 |
| @ipssignatures |
The vuln CVE-2022-29800 has a tweet created 0 days ago and retweeted 10 times. twitter.com/Dinosn/status/… #pow1rtrtwwcve | 2022-04-28 02:06:01 |
| @troglod |
Vulnerabilidad: Nimbuspwn | CVE-2022-29799 y CVE-2022-29800 noticiasseguridad.com/vulnerabilidad… | 2022-04-28 05:18:51 |
| @Decio_o_o |
⚠️? CVE-2022-29799 CVE-2022-29800 Mise à jour recommandée vers la version 2.2 de networkd-dispatcher pour les dis… twitter.com/i/web/status/1… | 2022-04-28 08:23:13 |
| @ciberconsejo |
[CVE-2022-29799 - CVE-2022-29800] Nimbuspwn, una vulnerabilidad en networkd-dispatcher que permite ejecutar comando… twitter.com/i/web/status/1… | 2022-04-28 08:44:04 |
| @SocuraMDR |
Microsoft discovered vulnerabilities in the networkd-dispatcher daemon; CVE-2022-29799 and CVE-2022-29800 (Nimbuspw… twitter.com/i/web/status/1… | 2022-04-28 11:28:20 |
| @SeYasashi |
(CVE-2022-29800) networkd-dispatcherの脆弱性なわけだが、 Ubuntuで止めちゃいば脆弱性の影響をうけない。 [email protected]:~# systemctl stop networkd-dispatcher | 2022-04-28 11:48:35 |
| @ThreatMonIT |
Beyond that, vulnerabilities tracked as CVE-2022-29799 and CVE-2022-29800 can be used as root access to deploy soph… twitter.com/i/web/status/1… | 2022-04-28 11:54:45 |
| @Myinfosecfeed |
New post: "nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable" ift.tt/Vb8UdWP | 2022-04-28 12:49:21 |
| @_r_netsec |
nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable github.com/jfrog/nimbuspw… | 2022-04-28 12:58:07 |
| @CybrXx0 |
nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable via /r/net… twitter.com/i/web/status/1… | 2022-04-28 12:59:29 |
| @beingsheerazali |
nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable… twitter.com/i/web/status/1… | 2022-04-28 13:32:16 |
| @Har_sia |
CVE-2022-29800 har-sia.info/CVE-2022-29800… #HarsiaInfo | 2022-04-28 15:04:09 |
| @helpnetsecurity |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines - helpnetsecurity.com/2022/04/27/cve… -… twitter.com/i/web/status/1… | 2022-04-28 17:30:13 |
| @netsecu |
socprime.com/blog/cve-2022-… CVE-2022-29799 and CVE-2022-29800 Detection: Novel Privilege Escalation Vulnerabilities in… twitter.com/i/web/status/1… | 2022-04-28 18:15:04 |
| @Pierozi |
?#Nimbuspwn vulnerability Latest Linux #exploit to be root before lunchtime CVE-2022-29799 CVE-2022-29800 | 2022-04-28 20:52:22 |
| @SeYasashi |
CVE-2022-29799,CVE-2022-29800の修正パッケージがUbuntuでリリースされたか launchpad.net/ubuntu/+source… | 2022-04-28 22:22:23 |
| @waiha8 |
“Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) - H… twitter.com/i/web/status/1… | 2022-04-29 06:29:28 |
| @willysr2804 |
Luckily, Slackware is not affected by CVE-2022-29799 and CVE-2022-29800 aka Nimbuspwn | 2022-04-29 07:40:13 |
| @SOC_Prime |
Microsoft researchers reveal novel #Nimbuspwn #vulnerabilities CVE-2022-29799 and CVE-2022-29800 on #Linux systems.… twitter.com/i/web/status/1… | 2022-04-29 08:55:56 |
| @edkedris |
novel #Nimbuspwn #vulnerabilities CVE-2022-29799 and CVE-2022-29800 on #Linux systems. twitter.com/edkedris/statu… | 2022-04-29 09:17:08 |
| @ipssignatures |
The vuln CVE-2022-29800 has a tweet created 0 days ago and retweeted 10 times. twitter.com/_r_netsec/stat… #pow1rtrtwwcve | 2022-04-29 10:06:01 |
| @vitinhlugia |
Nhóm Nghiên cứu Bộ bảo vệ Microsoft 365 đã phát hiện ra các lỗ hổng được theo dõi là CVE-2022-29799 và CVE-2022-29800. | 2022-04-29 14:02:36 |
| @Har_sia |
CVE-2022-29800 har-sia.info/CVE-2022-29800… #HarsiaInfo | 2022-04-29 15:04:46 |
| @Har_sia |
CVE-2022-29800 har-sia.info/CVE-2022-29800… #HarsiaInfo | 2022-04-29 18:25:17 |
| @Dinosn |
nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable reddit.com/r/netsec/comme… | 2022-04-29 20:24:12 |
| @jw4lsec |
KQL/MDE query for hunting #nimbuspwn (CVE-2022-29799 and CVE-2022-29800). Focuses on the networkd-dispatcher proces… twitter.com/i/web/status/1… | 2022-04-29 20:50:11 |
| @beingsheerazali |
nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable reddit.com/r/netsec/comme… Dinosn | 2022-04-30 02:13:59 |
| @CKsTechNews |
Nimbuspwn detector - Script to check against CVE-2022-29799 & CVE-2022-29800 Project github.com/jfrog/nimbuspw… https://t.co/VBt8wc8ZxW | 2022-04-30 15:33:05 |
| @malwaresick |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… | 2022-04-30 17:04:00 |
| @s_adachi |
Good summary of CVE-2022-29799 and CVE-2022-29800, vulnerabilities on Linux found by Microsoft. lnkd.in/eTkMZZim | 2022-04-30 21:55:46 |
| @jackfusion |
helpnetsecurity.com/2022/04/27/cve… | 2022-05-01 00:01:25 |
| @secalertsasia |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) - He… twitter.com/i/web/status/1… | 2022-05-02 08:38:15 |
| @rushisec |
My exploit script for Nimbuspwn (CVE-2022-29799/CVE-2022-29800) has been released and is available below. Method fo… twitter.com/i/web/status/1… | 2022-05-03 09:07:04 |
| @ashokkrishna99 |
fourcore.io/blogs/nimbuspw… | 2022-05-04 11:04:39 |
| @Lulztigre |
fourcore.io/blogs/nimbuspw… https://t.co/Tg9RLQAtDF | 2022-05-04 11:27:44 |
| @IgorOs6 |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) - He… twitter.com/i/web/status/1… | 2022-05-13 17:04:07 |
| @web4x4_es |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… | 2022-05-16 10:13:09 |
| @auser |
@hakluke securityonline.info/cve-2022-29799… not tooooo old | 2022-05-18 11:12:44 |
| @techadversary |
nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable… twitter.com/i/web/status/1… | 2022-06-11 21:45:33 |
| @CVEreport |
CVE-2022-29800 : A time-of-check-time-of-use TOCTOU race condition vulnerability was found in networkd-dispatcher… twitter.com/i/web/status/1… | 2022-09-21 19:08:21 |
 /r/netsec |
nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable | 2022-04-28 12:43:41 |
| /r/SecOpsDaily |
[CVE-2022-29799 / CVE-2022-29800] nimbuspwn detection tool released by jfrog | 2022-04-29 06:08:39 |
| /r/programming |
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) - Help Net Security | 2022-04-29 17:04:00 |
| /r/netcve |
CVE-2022-29800 | 2022-09-21 20:38:49 |